mirror of https://github.com/JohnHammond/CTFd.git
Giving config page more access (#279)
* Giving a plugin's config page more control * Adding utils to base This potentially opens some risk to malicious plugins but really a plugin would already have this capability given that it can run arbitrary Python code.selenium-screenshot-testing
parent
7bdfbfdd7f
commit
ae45493e6e
|
@ -42,7 +42,7 @@ def admin_plugin_config(plugin):
|
||||||
if request.method == 'GET':
|
if request.method == 'GET':
|
||||||
if plugin in utils.get_configurable_plugins():
|
if plugin in utils.get_configurable_plugins():
|
||||||
config = open(os.path.join(app.root_path, 'plugins', plugin, 'config.html')).read()
|
config = open(os.path.join(app.root_path, 'plugins', plugin, 'config.html')).read()
|
||||||
return render_template('admin/page.html', content=config)
|
return render_template_string(config)
|
||||||
abort(404)
|
abort(404)
|
||||||
elif request.method == 'POST':
|
elif request.method == 'POST':
|
||||||
for k, v in request.form.items():
|
for k, v in request.form.items():
|
||||||
|
|
|
@ -78,6 +78,7 @@
|
||||||
<script src="{{ request.script_root }}/static/admin/js/vendor/marked.min.js"></script>
|
<script src="{{ request.script_root }}/static/admin/js/vendor/marked.min.js"></script>
|
||||||
<script src="{{ request.script_root }}/static/admin/js/vendor/bootstrap.min.js"></script>
|
<script src="{{ request.script_root }}/static/admin/js/vendor/bootstrap.min.js"></script>
|
||||||
<script src="{{ request.script_root }}/static/admin/js/main.js"></script>
|
<script src="{{ request.script_root }}/static/admin/js/main.js"></script>
|
||||||
|
<script src="{{ request.script_root }}/static/admin/js/utils.js"></script>
|
||||||
{% block scripts %} {% endblock %}
|
{% block scripts %} {% endblock %}
|
||||||
</body>
|
</body>
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue